Glibc Security Vulnerabilities and Issues — Glibc CVE List

Lucene search

GnuGlibc

11 matches found

CVE•added 2016/02/18 9:59 p.m.•257 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.93421EPSS

CVE•added 2016/06/10 3:59 p.m.•180 views

CVE-2016-4429

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

5.9CVSS6.8AI score0.016EPSS

CVE•added 2016/01/20 5:59 a.m.•132 views

CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

5.5CVSS6.6AI score0.0006EPSS

CVE•added 2016/06/01 8:59 p.m.•127 views

CVE-2016-3075

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

7.5CVSS7.2AI score0.11367EPSS

CVE•added 2016/06/01 8:59 p.m.•123 views

CVE-2016-1234

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

7.5CVSS7.2AI score0.01181EPSS

CVE•added 2016/04/19 9:59 p.m.•121 views

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.1CVSS8.5AI score0.0538EPSS

CVE•added 2016/04/19 9:59 p.m.•120 views

CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

9.8CVSS9AI score0.02444EPSS

CVE•added 2016/04/19 9:59 p.m.•117 views

CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.8CVSS9.1AI score0.06604EPSS

CVE•added 2016/04/19 9:59 p.m.•116 views

CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8CVSS9.2AI score0.04971EPSS

CVE•added 2016/06/10 3:59 p.m.•87 views

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CV...

7.5CVSS7.5AI score0.03156EPSS

CVE•added 2016/10/07 2:59 p.m.•62 views

CVE-2016-6323

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using ...

7.5CVSS7.1AI score0.01133EPSS